[foaf-protocols] keygen substitute for Windows?

Bruno Harbulot Bruno.Harbulot at manchester.ac.uk
Wed Jan 13 17:31:06 CET 2010


I've just updated http://github.com/harbulot/keygenapp
The server-side is in Java, but that's not really where the problem is 
in practice, it's the client-side (HTML and JavaScript) that's more 

It should now auto-detect the capabilities of the browser. It can 
generate a certificate within the browser under:
- MS IE8, Windows XP
- MS IE8, Windows Vista
- MS IE8, Windows Server 2008
- Firefox 3.5, Linux
(I haven't tried other combinations.)

Best wishes,


Bruno Harbulot wrote:
> Hi Henry,
> I've just updated http://github.com/harbulot/keygenapp to create 
> certificates under Windows using the CertEnroll API.
> This should work for the Vista and above family (only tried with Vista 
> and Server 2008).
> To get this to work, you need to:
> 1. add the site to the 'Trusted Sites' list
> 2. allow IE to run ActiveX controls that would not be marked as safe (in 
> 'Trusted Sites' -> 'Custom Settings...')
> 3. import the dummy CA certificate of this site as a trusted root CA 
> cert (if below Vista SP1).
> This last point is only required because, like when using keygen, this 
> doesn't produce self-signed certificates but certificates signed by the 
> site. Vista (before SP1, according to the doc - I've only tried with 
> SP2) doesn't have the option to let you import a certificate for which 
> it can't build a certification path. It could actually be a big deal to 
> request users to add the foaf.me cert as a trusted root CA in terms of 
> security. Another way around this would be to create a self-signed 
> certificate directly, but I can't find anything to do this, with 
> web-allowed methods, using CertEnroll.
> Best wishes,
> Bruno.
> Story Henry wrote:
>> Hi Peter,
>> I have been a bit busy doing other things since the new year, so I have not been following that closely what has been happening on the list.
>> I was wondering if you had some ideas on how to get the keygen equivalent to work on Windows. That would be something that would allow us all to help Windows (IE in particular) users to participate.
>> We only got as far as a few of the posts listed on the wiki http://esw.w3.org/topic/foaf+ssl
>> under "Ease of creating certificates". Perhaps you know someone in the Windows world who can help us here?
>> Henry
>> Social Web Architect
>> Sun Microsystems
>> Blog: http://blogs.sun.com/bblfish
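
A read-only check of the three client-side changes listed in the quoted message (Trusted Sites entry, ActiveX "not marked as safe" setting, imported root CA), useful for reviewing or reverting them after enrollment. This is an added example, not part of the original thread or of keygenapp; it assumes PowerShell 3 or later, reads only the current user's settings (not Group Policy), and `$CaSubjectMatch` is a placeholder for text from the site CA's subject.

```powershell
# Added audit example; changes nothing on the system.
param(
    [string]$CaSubjectMatch = 'Example Dummy CA'   # placeholder, not a real CA name
)

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Step 1: sites the current user has mapped to zone 2 (Trusted Sites).
# ZoneMap stores www.example.org as Domains\example.org\www; each value name
# is a scheme (http, https or *) and the value data is the zone number.
$trustedSites = Get-ChildItem "$inet\ZoneMap\Domains" -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {
                [pscustomobject]@{
                    Entry  = $key.Name -replace '^.*\\ZoneMap\\Domains\\', ''
                    Scheme = $scheme
                }
            }
        }
    }

# Step 2: URL action 1201 in zone 2 is "Initialize and script ActiveX controls
# not marked as safe for scripting". 0 = enabled, 1 = prompt, 3 = disabled.
$names = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$value = (Get-ItemProperty "$inet\Zones\2" -ErrorAction SilentlyContinue).'1201'
$activeX = if ($null -ne $value -and $names.ContainsKey([int]$value)) {
    $names[[int]$value]
} else {
    "Unset or unrecognised ($value)"
}

# Step 3: root certificates visible to the user whose subject matches the placeholder.
$roots = Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object { $_.Subject -like "*$CaSubjectMatch*" } |
    Select-Object Subject, Thumbprint, NotAfter

'Trusted Sites entries (zone 2):'
$trustedSites | Format-Table -AutoSize
"ActiveX not marked as safe, Trusted Sites zone: $activeX"
'Matching trusted root certificates:'
$roots | Format-List
```

An `Enabled` result for action 1201 applies to every entry in the Trusted Sites list, not only the enrolling site.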
